<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta http-equiv=x-ua-compatible content="ie=edge"><meta name=lang:clipboard.copy content="Copy to clipboard"><meta name=lang:clipboard.copied content="Copied to clipboard"><meta name=lang:search.language content=en><meta name=lang:search.pipeline.stopwords content=True><meta name=lang:search.pipeline.trimmer content=True><meta name=lang:search.result.none content="No matching documents"><meta content="1 matching document"><meta name=lang:search.result.other content="# matching documents"><meta name=lang:search.tokenizer content=[\s\-]+><link rel="shortcut icon" href=../../assets/images/favicon.png><meta name=generator content="mkdocs-1.0.4, mkdocs-material-4.4.2"><title>Thrift API security - Eclipse Hawk</title><link rel=stylesheet href=../../assets/stylesheets/application.30686662.css><link rel=stylesheet href=../../assets/stylesheets/application-palette.a8b3c06d.css><meta name=theme-color content=#7e57c2><script src=../../assets/javascripts/modernizr.74668098.js></script><link href= rel=preconnect crossorigin><link rel=stylesheet href=",400,400i,700|Roboto+Mono&display=fallback"><style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style><link rel=stylesheet href=../../assets/fonts/material-icons.css><link rel=stylesheet href=../../stylesheets/extra.css><!-- FAVICON --><link rel=apple-touch-icon sizes=180x180 href=/img/apple-touch-icon.png><link rel=icon type=image/png sizes=32x32 href=/img/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/img/favicon-16x16.png><link rel=manifest href=/img/site.webmanifest><link rel=mask-icon href=/img/safari-pinned-tab.svg color=#5bbad5><link rel="shortcut icon" href=/img/favicon.ico><meta name=msapplication-TileColor content=#b91d47><meta name=msapplication-config 
content=/img/browserconfig.xml><meta name=theme-color content=#ffffff></head> <body dir=ltr data-md-color-primary=deep-purple data-md-color-accent=deep-purple> <svg class=md-svg> <defs> </defs> </svg> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay data-md-component=overlay for=__drawer></label> <header class=md-header data-md-component=header> <nav class="md-header-nav md-grid"> <div class=md-flex> <div class="md-flex__cell md-flex__cell--shrink"> <a href=../.. title="Eclipse Hawk" class="md-header-nav__button md-logo"> <img src=../../img/hawk-logo-white.svg width=24 height=24> </a> </div> <div class="md-flex__cell md-flex__cell--shrink"> <label class="md-icon md-icon--menu md-header-nav__button" for=__drawer></label> </div> <div class="md-flex__cell md-flex__cell--stretch"> <div class="md-flex__ellipsis md-header-nav__title" data-md-component=title> <span class=md-header-nav__topic> Eclipse Hawk </span> <span class=md-header-nav__topic> Thrift API security </span> </div> </div> <div class="md-flex__cell md-flex__cell--shrink"> <label class="md-icon md-icon--search md-header-nav__button" for=__search></label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=query data-md-state=active> <label class="md-icon md-search__icon" for=__search></label> <button type=reset class="md-icon md-search__icon" data-md-component=reset tabindex=-1> &#xE5CD; </button> </form> <div class=md-search__output> <div class=md-search__scrollwrap data-md-scrollfix> <div class=md-search-result data-md-component=result> <div 
class=md-search-result__meta> Type to start searching </div> <ol class=md-search-result__list></ol> </div> </div> </div> </div> </div> </div> <div class="md-flex__cell md-flex__cell--shrink"> <div class=md-header-nav__source> <a href= title="Go to repository" class=md-source data-md-source> <div class=md-source__repository> Git repository @ Eclipse </div> </a> </div> </div> </div> </nav> </header> <div class=md-container> <main class=md-main role=main> <div class="md-main__inner md-grid" data-md-component=container> <div class="md-sidebar md-sidebar--primary" data-md-component=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary" data-md-level=0> <label class="md-nav__title md-nav__title--site" for=__drawer> <a href=../.. title="Eclipse Hawk" class="md-nav__button md-logo"> <img src=../../img/hawk-logo-white.svg width=48 height=48> </a> Eclipse Hawk </label> <div class=md-nav__source> <a href= title="Go to repository" class=md-source data-md-source> <div class=md-source__repository> Git repository @ Eclipse </div> </a> </div> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../.. 
title=Home class=md-nav__link> Home </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-toggle md-nav__toggle" data-md-toggle=nav-2 type=checkbox id=nav-2> <label class=md-nav__link for=nav-2> Basic use </label> <nav class=md-nav data-md-component=collapsible data-md-level=1> <label class=md-nav__title for=nav-2> Basic use </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../basic-use/installation/ title=Installation class=md-nav__link> Installation </a> </li> <li class=md-nav__item> <a href=../../basic-use/core-concepts/ title="Core concepts" class=md-nav__link> Core concepts </a> </li> <li class=md-nav__item> <a href=../../basic-use/examples-xmi/ title="Examples (XMI)" class=md-nav__link> Examples (XMI) </a> </li> <li class=md-nav__item> <a href=../../basic-use/examples-modelio/ title="Examples (Modelio)" class=md-nav__link> Examples (Modelio) </a> </li> <li class=md-nav__item> <a href=../../basic-use/papyrus/ title="Papyrus UML support" class=md-nav__link> Papyrus UML support </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-toggle md-nav__toggle" data-md-toggle=nav-3 type=checkbox id=nav-3> <label class=md-nav__link for=nav-3> Advanced use </label> <nav class=md-nav data-md-component=collapsible data-md-level=1> <label class=md-nav__title for=nav-3> Advanced use </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../advanced-use/graph-as-emf/ title="Graph as EMF model" class=md-nav__link> Graph as EMF model </a> </li> <li class=md-nav__item> <a href=../../advanced-use/advanced-props/ title="Advanced properties" class=md-nav__link> Advanced properties </a> </li> <li class=md-nav__item> <a href=../../advanced-use/meta-queries/ title="Meta-level queries" class=md-nav__link> Meta-level queries </a> </li> <li class=md-nav__item> <a href=../../advanced-use/temporal-queries/ title="Temporal queries" class=md-nav__link> Temporal 
queries </a> </li> <li class=md-nav__item> <a href=../../advanced-use/oomph/ title="Oomph and Hawk" class=md-nav__link> Oomph and Hawk </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--active md-nav__item--nested"> <input class="md-toggle md-nav__toggle" data-md-toggle=nav-4 type=checkbox id=nav-4 checked> <label class=md-nav__link for=nav-4> Server </label> <nav class=md-nav data-md-component=collapsible data-md-level=1> <label class=md-nav__title for=nav-4> Server </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../architecture/ title=Architecture class=md-nav__link> Architecture </a> </li> <li class=md-nav__item> <a href=../api/ title="Thrift API" class=md-nav__link> Thrift API </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-toggle md-nav__toggle" data-md-toggle=toc type=checkbox id=__toc> <a href=./ title="Thrift API security" class="md-nav__link md-nav__link--active"> Thrift API security </a> </li> <li class=md-nav__item> <a href=../deployment/ title=Deployment class=md-nav__link> Deployment </a> </li> <li class=md-nav__item> <a href=../cli/ title="Console client" class=md-nav__link> Console client </a> </li> <li class=md-nav__item> <a href=../eclipse/ title="Eclipse client" class=md-nav__link> Eclipse client </a> </li> <li class=md-nav__item> <a href=../file-config/ title="File-based configuration" class=md-nav__link> File-based configuration </a> </li> <li class=md-nav__item> <a href=../logging/ title=Logging class=md-nav__link> Logging </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-toggle md-nav__toggle" data-md-toggle=nav-5 type=checkbox id=nav-5> <label class=md-nav__link for=nav-5> Developers </label> <nav class=md-nav data-md-component=collapsible data-md-level=1> <label class=md-nav__title for=nav-5> Developers </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../developers/run-from-source/ 
title="Run GUI from source" class=md-nav__link> Run GUI from source </a> </li> <li class=md-nav__item> <a href=../../developers/server-from-source/ title="Run Server from source" class=md-nav__link> Run Server from source </a> </li> <li class=md-nav__item> <a href=../../developers/plain-maven/ title="Build with plain Maven" class=md-nav__link> Build with plain Maven </a> </li> <li class=md-nav__item> <a href=../../developers/website/ title="Work on the website" class=md-nav__link> Work on the website </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../additional-resources/ title="Additional resources" class=md-nav__link> Additional resources </a> </li> <li class=md-nav__item> <a href= title=Forum class=md-nav__link> Forum </a> </li> <li class=md-nav__item> <a href= title=Builds class=md-nav__link> Builds </a> </li> </ul> </nav> </div> </div> </div> <div class=md-content> <article class="md-content__inner md-typeset"> <h1>Thrift API security</h1> <p>In some cases, we may want to protect the API from unaccounted use, as clients would have access to potentially sensitive information. In order to provide this access control, the <a href= >Apache Shiro</a> library has been integrated transparently as a filter for all incoming requests to the endpoints under <code>/thrift</code>. <code>/thrift-local</code> endpoints are not password-protected, as they only answer requests from other processes in the machine hosting the MONDO Server.</p> <p>Apache Shiro protects these <code>/thrift</code> endpoints using standard HTTP Basic authentication, which is transparent to Thrift, avoiding the need to pollute the web API with access tokens in every single method. 
Industrial partners will be instructed to always use the authentication layer in combination with SSL, since HTTP Basic by itself is insecure.</p> <p>One important advantage of Shiro is its configurability through a single <code>.ini</code> file, like this one:</p> <div class=codehilite><pre><span></span>[main]
# Objects and their properties are defined here,
# Such as the securityManager, Realms and anything
# else needed to build the SecurityManager
# Note: this should be set to true in production!
ssl.enabled = true
# Toggle to enable/disable authentication completely
authcBasic.enabled = true
# Use Hawk realm
mondoRealm =
securityManager.realms = $mondoRealm
# We're using SHA-512 for passwords, with 10k iterations
credentialsMatcher = org.apache.shiro.authc.credential.Sha512CredentialsMatcher
credentialsMatcher.hashIterations = 10000
mondoRealm.credentialsMatcher = $credentialsMatcher
[urls]
/thrift/** = ssl, authcBasic
</pre></div> <p>Shiro is heavily componentized, making it easy to provide alternative implementations of certain pieces and reuse the default implementations for the rest. In the shown example, all requests to the <code>/thrift</code> endpoints go through the default <code>ssl</code> and <code>authcBasic</code> filters: when enabled, these filters enforce the use of SSL and HTTP Basic authentication respectively. Both filters should be enabled in production environments.</p> <p>For the HTTP Basic authentication, the server provides its own implementation of a Shiro security realm, which is dedicated to storing and retrieving user details. The security realm uses an embedded <a href= >MapDB</a> database to persist these user details, which are managed through the Users service (Section 5.2.4). An embedded database was used in order to prevent end users from having to set up a database just to store a small set of users. MapDB is distributed as a single <code>.jar</code> file, making it very simple to integrate. In any case, the realm could be replaced with another one if desired by editing <code>shiro.ini</code> on an installation.</p> <p>Passwords for the MONDO realm are stored in a hashed and salted form, using 10000 iterations of SHA-512 and a random per-password salt.</p> <p>As for the client side, the command-line based clients accept optional arguments for the required credentials when connecting to the Thrift endpoints. If the password is omitted, the command-line based clients will require it in a separate "silent" prompt that does not show the characters that are typed, preventing shoulder surfing attacks. 
Due to limitations in the Eclipse graphical user interface, these silent prompts are only available when running the command-line based clients from a proper terminal window and not from the Eclipse "Console" view.</p> <p>The graphical clients connect to the Thrift endpoints using “lazy” credential providers: if authentication is required, they will attempt to retrieve previously used credentials from the Eclipse secure store and if no such credentials exist, they will show an authentication dialog asking for the username and password to be used. The Eclipse secure storage takes advantage of the access control and encryption capabilities of the underlying operating system as much as possible, and makes it possible to store passwords safely and conveniently. These stored MONDO server credentials can be managed from the "Hawk Servers" preference page.</p> <p>Regarding the Artemis messaging queue, it has been secured with the same Shiro realm as the Thrift endpoints. The remote Hawk EMF abstraction (the only component that uses Artemis within the MONDO platform) will connect to Artemis with the same credentials that were used to connect to Thrift, if authentication was required.</p> </article> </div> </div> </main> <footer class=md-footer> <div class=md-footer-nav> <nav class="md-footer-nav__inner md-grid"> <a href=../api/ title="Thrift API" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel=prev> <div class="md-flex__cell md-flex__cell--shrink"> <i class="md-icon md-icon--arrow-back md-footer-nav__button"></i> </div> <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"> <span class=md-flex__ellipsis> <span class=md-footer-nav__direction> Previous </span> Thrift API </span> </div> </a> <a href=../deployment/ title=Deployment class="md-flex md-footer-nav__link md-footer-nav__link--next" rel=next> <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"> <span class=md-flex__ellipsis> <span class=md-footer-nav__direction> 
Next </span> Deployment </span> </div> <div class="md-flex__cell md-flex__cell--shrink"> <i class="md-icon md-icon--arrow-forward md-footer-nav__button"></i> </div> </a> </nav> </div> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-footer-copyright> <div class=md-footer-copyright__highlight> Copyright © Eclipse Foundation, Inc. All Rights Reserved. </div> powered by <a href=>MkDocs</a> and <a href= > Material for MkDocs</a> </div> <div class="md-footer-copyright hawk-eclipse-links"> <ul> <li><a href=>Privacy Policy</a></li> <li><a href=>Terms of Use</a></li> <li><a href=>Copyright Agent</a></li> </ul> </div> </div> </div> </footer> </div> <script src=../../assets/javascripts/application.c648116f.js></script> <script>app.initialize({version:"1.0.4",url:{base:"../.."}})</script> </body> </html>
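As an added example (not part of the Hawk documentation or code base), the Python sketch below audits a `shiro.ini` for the two production requirements stated above: the `/thrift/**` chain must include both `ssl` and `authcBasic`, and neither filter may be switched off. The function names and the sample configurations are constructed for illustration; the check also flags a `/**` entry placed before `/thrift/**`, because Shiro applies the first URL pattern that matches.

```python
import re

def parse_ini(text):
    """Minimal Shiro-style INI reader: {section: {key: value}}, order kept."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def audit(text, pattern="/thrift/**"):
    """Return findings for a shiro.ini; an empty list means it passes."""
    main, urls = (parse_ini(text).get(s, {}) for s in ("main", "urls"))
    if pattern not in urls:
        return [f"no [urls] entry for {pattern}"]
    # Split the chain on commas outside brackets, drop per-filter config.
    chain = [f.split("[")[0].strip() for f in re.split(r",(?![^\[]*\])", urls[pattern])]
    findings = []
    for name in ("ssl", "authcBasic"):
        if name not in chain:
            findings.append(f"{pattern} chain lacks the {name} filter")
        # Shiro filters run unless their 'enabled' property is set to false.
        elif main.get(f"{name}.enabled", "true").lower() != "true":
            findings.append(f"{name}.enabled is not true: filter is skipped")
    # Shiro evaluates [urls] top to bottom and the first match wins.
    for earlier in urls:
        if earlier == pattern:
            break
        if earlier == "/**":
            findings.append(f"/** precedes {pattern} and shadows its chain")
    return findings

# Constructed sample inputs, not taken from a real deployment.
HARDENED = """[main]
ssl.enabled = true
authcBasic.enabled = true
[urls]
/thrift/** = ssl, authcBasic
"""
WEAK = HARDENED.replace("ssl.enabled = true", "ssl.enabled = false").replace(
    "[urls]\n", "[urls]\n/** = anon\n")

if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAK))
```

Running `audit()` on the deployed file as part of a release check catches a configuration in which SSL was turned off for testing and never turned back on.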